step-functions-state-machine-logging-enabled
Checks if an Amazon Step Functions state machine has logging enabled. The rule is NON_COMPLIANT if a state machine does not have logging enabled or if its logging configuration is not at the minimum level provided.
Identifier: STEP_FUNCTIONS_STATE_MACHINE_LOGGING_ENABLED
Resource Types: AWS::StepFunctions::StateMachine
Trigger type: Configuration changes
Amazon Web Services Region: All supported Amazon regions except US ISO West, US ISO East, Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), US ISOB East, Asia Pacific (Melbourne), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region
Parameters:
- cloudWatchLogGroupArns (Optional)
  Type: CSV
  Comma-separated list of Amazon Resource Names (ARNs) for Amazon CloudWatch Logs log groups. The rule checks if the specified log groups are configured for your state machine logs.
- logLevel (Optional)
  Type: String
  The minimum log level for your state machine. Valid values include: ALL, ERROR, FATAL.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.
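As an added example (not taken from this page or the linked guide), the following template deploys this managed rule with both optional parameters set. The logical ID `StepFunctionsLoggingRule` and the template parameters `ExpectedLogGroupArns` and `MinimumLogLevel` are assumptions chosen for illustration, and the template assumes a configuration recorder is already recording `AWS::StepFunctions::StateMachine` in the target Region.

```yaml
# Added example: names and default values below are illustrative assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys the step-functions-state-machine-logging-enabled managed rule.

Parameters:
  ExpectedLogGroupArns:
    Type: String
    Description: >-
      Comma-separated CloudWatch Logs log group ARNs that state machines
      are expected to log to (passed to cloudWatchLogGroupArns).
  MinimumLogLevel:
    Type: String
    Default: ERROR
    AllowedValues: [ALL, ERROR, FATAL]   # valid values listed for logLevel
    Description: Minimum log level passed to logLevel.

Resources:
  StepFunctionsLoggingRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: step-functions-state-machine-logging-enabled
      Description: Flags state machines without logging at the required level.
      # Limit evaluation to the resource type this rule supports.
      Scope:
        ComplianceResourceTypes:
          - AWS::StepFunctions::StateMachine
      # Managed rule: Owner is AWS and SourceIdentifier is the rule identifier.
      Source:
        Owner: AWS
        SourceIdentifier: STEP_FUNCTIONS_STATE_MACHINE_LOGGING_ENABLED
      # Both parameters are optional; remove either key to skip that check.
      InputParameters:
        cloudWatchLogGroupArns: !Ref ExpectedLogGroupArns
        logLevel: !Ref MinimumLogLevel

Outputs:
  RuleName:
    Value: !Ref StepFunctionsLoggingRule
```

Because the trigger type is configuration changes, existing state machines are evaluated when the rule is created and again whenever their recorded configuration changes.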